Popups from an unknown source


penelopecat
Mar 1, 2005, 02:19 PM
I keep getting these popup ads that start with a URL that includes "documentsandsettings/localsettings/temp" and then changes to the ad's URL. I've noticed it also creates folders labeled DlfnTmp1, DlfnTmp2, etc. in the documentsandsettings/localsettings/temp folder. I can't figure out what's causing these popups. I've already uninstalled DeskAd Service using Control Panel -> Add & Remove, but the problem is still occurring. When I run Spybot, it says there's no spyware, and yet I keep getting these popups.

When I run ad-aware, I get DealHelper. So I tried a search on the net for removal instructions, but none of the files that the instructions list to delete are actually on my computer.

It seems to be only on IE, but occasionally they come up even when I'm using FireFox. Any idea what's causing this? It's been happening ever since I visited dictionary.com and not only were there a lot of popups blocked but it kept requesting access to download .exe files and eventually caused my computer to crash. (That got fixed when I used restore and restored back to the day before I visited dictionary.com.)

thebriggsdude
Mar 1, 2005, 03:27 PM
First off, try the HijackThis program, which should be up in the thread at the top of this section, because my friend, just by clicking one simple link, got almost 300 pieces of spyware and loads of trojans that would cause pop ups. Windows, what else could you expect :rolleyes:

fredg
Mar 1, 2005, 04:22 PM
Hi,
Sounds like your computer is completely infected with spyware/advertising programs!
Run your spyware programs in Safe Mode.
Here is a listing of free programs, and how to use them. They should take care of the issue:

If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3

AdAware at:
http://www.lavasoftusa.com
Download: AdAware_SE

CWShredder at:
http://www.intermute.com/products/cwshredder.html
(CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the hard drive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

All 3 of the above programs run better and much faster when run in SafeMode.

To get into SafeMode:
Re-boot the computer, and immediately after starting up, press and hold down F8, at the top of the keypad.
When the options show on the screen, use the up and down arrow keys on the keyboard to select
"Safe Mode".
Press Enter

It's best to run the AdAware scan first; 3 times; then re-boot.
Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
Re-boot.
Reason for running so many times:
Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
Running multiple times deletes most of it the first time.

If you wish to have a great program, after you clean out Spyware/Advertising Ware:
SpyWare Blaster 3.2
Great, free, program that STOPS spyware, trojans, home page hijacks, etc, BEFORE they get into your computer. Check it out at CNET at link:

http://www.download.com/SpywareBlaster/3000-8022_4-10305680.html?tag=lst-0-2

I haven't had any spyware at all since installing the Spyware Blaster.

Just for information:
If you wish to add or subtract from an Expert's reputation, or show appreciation or discontent with an answer, click on the "balance scales" icon by the Expert's name. You can then choose what you wish.

Best wishes,
fredg

penelopecat
Mar 2, 2005, 05:23 PM
I'm on AOL, but I don't think that's the problem. I've been on that for years and never had trouble with popups until I went on dictionary.com one day and then all the popups started happening. Might be coincidence, but I don't think so.

thebriggsdude
Mar 2, 2005, 05:44 PM
AOL should have a virus scanner for you to use so no worries there, most likely adware and spyware. That's why never use IE to go to sites, always Firefox.

penelopecat
Mar 2, 2005, 05:48 PM
Well, the AOL techies told me to go to kw: spyware and try theirs, but all I could find was a link to spybot. I think version 8.0 doesn't come with it, and I didn't like the new style of 9.0, which is why I stuck with 8.0.

thebriggsdude
Mar 2, 2005, 08:15 PM
Well, if you can, try some of those free spyware/adware scanners.

fredg
Mar 3, 2005, 06:26 AM
Hello again,
Have you tried my suggestions for getting rid of Spyware yet?
The Deal Helper is Advertising/Spyware, and the AdAware_SE, and SpyBot, coupled with CWShredder will get rid of it for you.

Best wishes,
fredg

penelopecat
Mar 3, 2005, 05:51 PM
Sorry about taking so long to respond. I needed to let the computer run a few days in order to see if your suggestion worked, see. :) Unfortunately I still get popups every once in a while. Just not as often as before. :( And yes, this was after I did everything you suggested.

jimsmithjimsmith
Mar 3, 2005, 06:16 PM
Hi,
Another good set of tools:
- Hit Start/Run and type msconfig if it's an XP machine. You can download it for other OSes. It is a utility to see all the stuff that's going to run/is running. You can choose to start in "diagnostic startup" to get a clean boot too.

- Startup Control Panel, by a young guy named Mike Lin, MIT student.
http://www.mlin.net/StartupCPL.shtml

This will show you what's running on your computer when you start up. Kind of an online tool to safely edit the registry. It allows you to uncheck items which will then not run upon reboot. A stripped down version of msconfig.

Hope that helps!

penelopecat
Mar 3, 2005, 06:20 PM
Tried that, but how do I know what to look for?

jimsmithjimsmith
Mar 3, 2005, 09:13 PM
I look at task manager, check the Processes that are running. If you want, post a list or a screenshot for review here. I look up suspicious ones and find out what they are. It can take a while but I think it's worth it in the long run, to know what each does - it would be nice to start posting a list of them here.

Once you find the bad process, you can get it cleared. Just search for the process name and find out how to clear it (google it).

Also, mention here which OS you use, windows xp/2000/etc. - good to know for troubleshooting...

One more thing - there's a hosts file and an lmhosts file, check there too. Located somewhere around here:

C:\WINDOWS\system32\drivers\etc
(that's winxp)

Open it (use notepad) and look for entries in it. All, or nearly all lines should be commented out with # symbols. There might be one or two at the end that are not commented, but certainly not any suspicious looking ones.
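
The hosts-file check described in the post above, as an added example that is not part of the original thread: it lists every active (uncommented) entry and marks anything other than the usual `localhost` line for review. The sample file content, the example hostnames and the set of "expected" names are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file is expected to map to loopback (assumption).
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Constructed sample, not taken from any real machine.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
#
# 102.54.94.97     rhino.acme.com          # commented out, ignored
127.0.0.1       localhost
203.0.113.10    www.example.com search.example.com  # constructed entry
127.0.0.1       update.example.net
not-an-ip       something.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every active hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(ip), "", "malformed"))
            continue
        for name in fields[1:]:  # one line may map several names to one address
            name = name.lower()
            if ip.is_loopback and name in EXPECTED_LOOPBACK_NAMES:
                verdict = "expected"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "review: name blocked locally"
            else:
                verdict = "review: name redirected"
            findings.append((line_no, str(ip), name, verdict))
    return findings

if __name__ == "__main__":
    for line_no, ip, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip:15} {name:22} {verdict}")
```

To check a real machine, pass the text of the `hosts` file from the folder named in the post instead of `SAMPLE_HOSTS`.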

thebriggsdude
Mar 3, 2005, 09:47 PM
Good thinking, I can't really know unless I know which OS either, but I do know that if you are getting popups in Firefox you either have a virus bringing them in or adware/spyware. Oh, and plus Firefox is now 1.01, they had a serious update needed on account of a hole in the program, but they caught it before it happened :D unlike Microsoft waiting till it happens :rolleyes:

penelopecat
Mar 3, 2005, 09:51 PM
How do I post a list without having to type out every single entry?

I'm on XP, by the way.

thebriggsdude
Mar 3, 2005, 10:00 PM
Either do type it out or just post a pic of the task manager running with it totally open and showing all the tasks. Basically just hit the print screen button right on the right side of the backspace button and go to paint and click paste and cut and copy the task manager to show. Either that or type it.

penelopecat
Mar 3, 2005, 10:04 PM
Do you need Startup or Services?

thebriggsdude
Mar 3, 2005, 10:06 PM
No just task manager.

penelopecat
Mar 3, 2005, 10:09 PM
Oh, I was thinking of msconfig, which was the previous suggestion.

thebriggsdude
Mar 3, 2005, 10:11 PM
I look at task manager, check the Processes that are running, that sort of thing :) gives an idea of what may be going on, but not all the time, some can hide in the registry, etc.

penelopecat
Mar 3, 2005, 10:15 PM
I'm just going to list the Image Names...

Firefox.exe
Iexplore.exe
Taskmgr.exe
CIDAEMON.EXE
Aolwbspd.exe
Mcagent.exe
DSentry.exe
Directcd.exe
Alg.exe
Explorer.exe
McShield.exe
MpfAgent.exe
Mcvsshld.exe
Realsched.exe
Wanmpsvc.exe
AOL.exe
Aoltray.exe
Nvsvc32.exe
MpfService.exe
Mdm.exe
MpfTray.exe
Mcvsrte.exe
Cisvc.exe
Wsxsvc.exe
Spoolsv.exe
Support.exe
Svchost.exe
NotifyAlert.exe
ViewMgr.exe
Ctfmon.exe
Lsass.exe
Services.exe
Winlogon.exe
Csrss.exe
Smss.exe
McVSEscn.exe
Waol.exe
Ad-Aware.exe
System
System Idle Process

thebriggsdude
Mar 3, 2005, 10:25 PM
Now I don't know about AOL, but CIDAEMON.EXE, I don't know if that is an AOL thing or not, I have not seen a virus or anything that uses that either. Hmmmm, I need to talk to my buddy about this more, he has had something similar to this happen and I forgot what it was called that he got rid of and solved the problem.

penelopecat
Mar 3, 2005, 10:29 PM
According to this site it's part of Windows...

http://www.iamnotageek.com/a/cidaemon.exe.php

thebriggsdude
Mar 3, 2005, 10:34 PM
Well that's good, haven't seen it on many though. Hmmm he ain't home, well I will be asking about it tomorrow though, it was caused while he was surfing in IE and clicked the wrong thing and no scanner or anything picked it up and it was a registry fix he did.

jimsmithjimsmith
Mar 3, 2005, 10:54 PM
This one looks suspicious:

Wsxsvc.exe

Here is how to remove it:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076775

Do you remember installing the 'delfin media viewer?'

More on this:
http://www.processlibrary.com/directory/files/wsxsvc/index.php
(use that site to check others too)

Very interesting to check out the company that created this:
http://www.delfinproject.com/
And click on Ad Spec's. It gives details on the crap they send out...

I did not finish looking at the entire list, you might try the processlibrary link above and search others. It might be worth the effort. Then publish it for others...

Good luck!

thebriggsdude
Mar 3, 2005, 11:07 PM
You know that rings a bell wsxsvc.exe

penelopecat
Mar 3, 2005, 11:49 PM
On that one web site that says to unregister/remove all those files and DLLs... none of them are present on my computer except for the license.txt, which is present for a whole bunch of stuff (like Adobe Acrobat and so on). According to my computer delfin isn't on there anywhere.

And no, I didn't download the viewer... at least not knowingly. It's possible when I went to dictionary.com it went and just installed itself into my machine. I noticed icons for a porn site and a couple of other things that suddenly appeared after I went to dictionary.com, so I wouldn't be surprised if delfin did that, too.

penelopecat
Mar 3, 2005, 11:53 PM
I did a search for info on that and that's part of the delfin viewer itself. So, how do I remove that without totally killing my computer?

fredg
Mar 4, 2005, 07:25 AM
Hi,
Another thing you can look at is what programs are starting up when you turn on or boot up the computer. All of these are listed under a StartUp tab.
Go to Start/Run , then type in MSCONFIG , then click on OK.
In that window, click on the StartUp tab.
Look over to the left hand side to see all the programs starting up when you boot up. You can scroll down to see the remaining ones.

You can Left click on any checkmark (to uncheck it) by something you don't recognize. For example, one of the Spyware programs shows "Load32".

After unchecking an item, click on Apply then OK, and re-boot.
If you have disabled something you need, you can always go back and re-check it.
Best wishes,
fredg

penelopecat
Mar 4, 2005, 05:03 PM
fredg, tried that and we'll see if it works.

penelopecat
Mar 5, 2005, 02:03 PM
Looks like turning it off in msconfig worked. Thanks, all!

walt17
Mar 5, 2005, 07:04 PM
I didn't notice it mentioned, so are you using a pop up blocker? Adware and virus protection won't stop all popups.

thebriggsdude
Mar 5, 2005, 09:34 PM
It was mentioned that she used IE and Firefox, don't know about IE or not if she has the Google toolbar, but Firefox will block them.

penelopecat
Mar 6, 2005, 02:27 PM
Yes, I have a popup blocker on both Firefox and IE. I know all popups can't be blocked, but at least the random ones that come up even when I don't have any browser open have stopped, not to mention the ones that were on IE windows, but I was only on Firefox.

fredg
Mar 7, 2005, 06:02 AM
Hi,
Here is a link about Deal Helper.

http://forum.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=36114

It is a very long process to get rid of it.

You might try downloading/installing Microsoft's Anti-Spyware program, available from Windows Update, or http://www.microsoft.com

Best of luck,
fredg

penelopecat
Mar 7, 2005, 05:31 PM
Actually, apparently it's not deal helper, because that stopped showing up on adaware just a day or two after I posted the problem.

cremedies
Mar 20, 2005, 01:25 AM
You may also try the 7 day free trial of "Adware Away". This program solves a variety of spyware issues with a single program rather than using several others.
You can just Google the name to find the download site.